In IBM Spectrum Scale 5.0.5, fileset auditing and skip fileset auditing are available. You can choose up to 20 filesets to apply fileset auditing to, which means that file system activity is only audited if it occurs in the specified filesets. Or, you can choose up to 20 filesets to skip fileset auditing from, which means that all file system events are audited except in the specified filesets. For more information, see Enabling or skipping filesets with file audit logging section in Spectrum Scale document.
The watch API and sample program was for creating a single node watch using the API. Currently, provides more resilient and fully integrated cluster watch with the mmwatch command. It’s recommended to use the improved mmwatch command to start clustered watches. For more information, see mmwatch command.
From version 5.0.5, IBM Spectrum Scale will no longer support creating the audit fileset on a filesystem that is not the one being audited. This means that the audit fileset must be belonged to the audited file system.
For more information about changes of File Audit Logging (FAL) and Watch Folder(WF), see Summary of changes in Spectrum Scale 18.104.22.168
Below are some demos and documents about Spectrum Scale File Audit Logging(FAL) and Watch Folder(WF) features and integrated solution with some other productions or services.
[Redbook] Securing Data on Threat Detection Using IBM Spectrum Scale and IBM QRadar: An Enhanced Cyber Resiliency Solution
[Blog] IBM Spectrum Scale Security Posture with Kibana for Visualization
[Blog] How to Visualize IBM Spectrum Scale Security Posture on Canvas
[Blog] Analyze IBM Spectrum Scale File Access Audit with ELK Stack
[Doc] Spectrum Scale File Audit Logging doc portal
[Doc] Spectrum Scale Watch Folder API doc portal
[Doc] Spectrum Scale Clustered Watch Folder doc portal